Tips for providing low-cost security training
Computerworld - At the height of the recession, Providence Health & Services in Seattle whacked its IT training budget by a hefty 65%. That meant conferences and most tuition-based classroom training were out of the question. So Eric Cowperthwaite, the health service provider's chief information security officer, started looking for alternate ways to provide his staff with ongoing education.
He approached officials at a local security company and offered to pay them a small amount to jointly develop training modules he could then deliver to his staff himself. What he got was a customized course on risk management methodologies and risk analysis skills.
The payback: "I was able to demonstrate to employees that I was still committed to their growth and development," Cowperthwaite said. "While I may not be able to let them go to a conference in Orlando, I'm still able to invest in my people. That was what was most critical: to show people that we were still willing to invest in them."
Cowperthwaite said he also visits with local FBI and Secret Service agents working in Seattle, Los Angeles, Portland and San Francisco -- cities where Providence Health has offices.
"Someday, something bad is going to happen to your company. A laptop may get stolen or data gets stolen or a virus gets inserted into your network. Before you ever get to that point, go find the local FBI or Secret Service office, or even your local chief of police, and invite them to lunch and get to know them," Cowperthwaite advised.
The payoff is that if and when you're faced with a security crisis, you'll have allies you can turn to. You'll also get tips on how to help law enforcement authorities solve your case, Cowperthwaite said.
He cited a time when he worked with the Secret Service on some problems with malicious software. "What they wanted from us were forensically clean versions of the computers involved," Cowperthwaite said, and knowing that upfront meant the incident could be resolved quickly.
Read more about Security in Computerworld's Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts